New Features - Winter 2016

Posted by Richard Ortenberg on Jan 18, 2017 12:00:00 AM

Foxpass is excited to officially announce some new features we've rolled out over the past few months.


RADIUS Attributes & VLAN


You can now return RADIUS attributes to enable VLAN assignment and other capabilities for your RADIUS clients. Create a set of attributes from the 'RADIUS Attributes' page, then assign it to a client from the 'RADIUS Clients' page. You can add Constant Attributes which return the same value for all calls and Conditional Attributes which return specific values depending on a user’s group memberships. We also support vendor specific codes, let us know if you don't see your setup listed and we'll add it. You can read more detailed instructions of setup and configuration here for general attribute sets or here for VLAN assignment.

 

pic4

LDAP MFA


We've added multi-factor authentication support for LDAP, using Duo. MFA can be enabled for a company from the 'Configuration' page. If enabled, all users will use MFA for LDAP operations but you can exempt specific users. LDAP binders cannot use MFA. You can also set an MFA policy for when the MFA provider is down or otherwise unreachable. Foxpass will use that policy to either allow or restrict all LDAP operations with a correct password. ‘Ignore’ will ignore the MFA failure and allow the login, and ‘secure’ will default to a secure model and block the login.

mfa1

Posix Users & Groups


You can now specify which users and groups return Posix information through LDAP. Posix users are employees who don't need SSH access but do need LDAP access for things like OSX machine logins. You can modify whether or not a user is returned from the ‘Users’ page in the ‘Unix Info’ column. ‘Engineer’ and ‘Posix’ user types contain Posix info, while ‘Standard’ users do not. Additionally, you can modify a user’s Posix setting from the API, which is documented here.posix1
You can also explicitly manage which groups are returned to your servers from LDAP queries. You can specify whether these groups are a “posixGroup” or not on the ‘Groups’ page. You can also change the default for new groups from the ‘Config’ page.posix2

posix3

Hostgroups Temporary Groups & API


You can now add temporary group memberships to hostgroups. Temporary group memberships can be managed on the 'Hostgroups' page the same way as temporary user memberships. We've also extended our API to support hostgroup membership operations for both users and groups. Read up on documentation for that here.hostgroup1

hostgroup2

Office 365 Delegated Auth


We’ve added Office 365 to our list of delegated authentication options. Delegated authentication uses Foxpass as a proxy to pass users’ passwords through Foxpass to a designated identity provider so your users can utilize SSO across their whole stack. Enabled delegated authentication on the 'Authentication Settings' page.delegated1

User Filter & Username in Dashboard


We've added the ability to filter users by first or last name on the 'Users' page. Additionally, if one of your users forgets their username they can check it from their dashboard.userfilter1

 

 

Coming Soon:


Foxpass Cache


We’re wrapping up development on an Foxpass cache you can run locally in a Docker container. If your hosts or access points can’t reach Foxpass’s servers, they’ll use your local cache as a fallback option.


StartTLS Support


Our LDAP servers will soon support StartTLS.

Please contact us if you'd like to be involved in our beta trial!

Upgrade your security.

Click Here to learn how Foxpass can help you avoid costly security mistakes

Subscribe Here

Recent Posts

Categories